a55fe75ed1851c74c0f6a83144c3bcc3379a8b58534898534d6272a172879c51

Sharing

Copy URL

Twitter E-mail

General

Target

a55fe75ed1851c74c0f6a83144c3bcc3379a8b58534898534d6272a172879c51
Size

51KB
MD5

9895a6d268a89545246c4bcec0649784
SHA1

8eca666f723a7be1e1663245a077f4b4c89c45c2
SHA256

a55fe75ed1851c74c0f6a83144c3bcc3379a8b58534898534d6272a172879c51
SHA512

b2853fffa140be0aca637207e9e3139f22f99b74b2873a4e8d29ae5713d466672bd78dc5223c27abe009f959e6567df232bf654d39361c2d66279485e854c36b
SSDEEP

768:KiyrBgCpNRzn4HOqwjaM9fFCmFtGPqrL2otvKoko+EvXrVTH7U:KNtpNRkGn9f4mFtGCWMhkonvrVTH7U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a55fe75ed1851c74c0f6a83144c3bcc3379a8b58534898534d6272a172879c51

Files

a55fe75ed1851c74c0f6a83144c3bcc3379a8b58534898534d6272a172879c51
.dll windows:6 windows x64 arch:x64

ad7a084fad31e9e09699f8544fd49d50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

dfhooks_dfhack

?print@color_ostream@DFHack@@QEAAXPEBDZZ
??4PersistentDataItem@DFHack@@QEAAAEAV01@$$QEAV01@@Z
?IsSiteLoaded@World@DFHack@@YA_NXZ
?AddPersistentSiteData@World@DFHack@@YA?AVPersistentDataItem@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetPersistentSiteData@World@DFHack@@YA?AVPersistentDataItem@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N@Z
?GetPersistentSiteData@World@DFHack@@YAXPEAV?$vector@VPersistentDataItem@DFHack@@V?$allocator@VPersistentDataItem@DFHack@@@std@@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@_N@Z
?DeletePersistentData@World@DFHack@@YA_NAEBVPersistentDataItem@2@@Z
??1PersistentDataItem@DFHack@@QEAA@XZ
??A?$DfOtherVectors@Ubuildings_other@df@@W4buildings_other_id@3enums@2@Ubuilding@2@@DFHack@@QEAAAEAV?$vector@PEAUbuilding@df@@V?$allocator@PEAUbuilding@df@@@std@@@std@@W4buildings_other_id@4enums@df@@@Z
??A?$DfOtherVectors@Uitems_other@df@@W4items_other_id@3enums@2@Uitem@2@@DFHack@@QEAAAEAV?$vector@PEAUitem@df@@V?$allocator@PEAUitem@df@@@std@@@std@@W4items_other_id@4enums@df@@@Z
?cur_season@global@df@@3PEAW4season@3enums@2@EA
?cur_season_tick@global@df@@3PEAHEA
?world@global@df@@3PEAU02@EA
??0PersistentDataItem@DFHack@@QEAA@XZ
?_identity@building_farmplotst@df@@2Vvirtual_identity@DFHack@@A
?_identity@item_seedsst@df@@2Vvirtual_identity@DFHack@@A
?find@plant_raw@df@@SAPEAU12@H@Z
?ival@PersistentDataItem@DFHack@@QEAAAEAHH@Z
?val@PersistentDataItem@DFHack@@QEAAAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?isValid@PersistentDataItem@DFHack@@QEBA_NXZ
?getBiomeTypeWithRef@Maps@DFHack@@YA?AW4biome_type@3enums@df@@FFF@Z
?getBlockTileBiomeRgn@Maps@DFHack@@YA?AUcoord2d@df@@PEAUmap_block@4@U34@@Z
?getTileDesignation@Maps@DFHack@@YAPEATtile_designation@df@@HHH@Z
?getTileBlock@Maps@DFHack@@YAPEAUmap_block@df@@HHH@Z
??0PluginCommand@DFHack@@QEAA@$$QEAU01@@Z
??1PluginCommand@DFHack@@QEAA@XZ
??0PluginCommand@DFHack@@QEAA@PEBD0P6A?AW4command_result@1@AEAVcolor_ostream@1@AEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z_N0@Z
??Bcoord@df@@QEBA?AUcoord2d@1@XZ
??0coord@df@@QEAA@GGG@Z
?is_instance@virtual_identity@DFHack@@QEAA_NPEAX@Z
?unregister@DebugRegisterBase@DFHack@@IEAAXPEAVDebugCategory@2@@Z
??0DebugRegisterBase@DFHack@@IEAA@PEAVDebugCategory@1@@Z
?getStream@DebugCategory@DFHack@@QEBA?AUostream_proxy_prefix@12@W4level@12@AEAVcolor_ostream@2@@Z
??_Dostream_proxy_prefix@DebugCategory@DFHack@@QEAAXXZ
?isEnabled@DebugCategory@DFHack@@QEBA_NW4level@12@@Z
?getInstance@Core@DFHack@@SAAEAV12@XZ
?Reset@Core@Lua@DFHack@@YAXAEAVcolor_ostream@3@PEBD@Z
?printerr@color_ostream@DFHack@@QEAAXPEBDZZ

msvcp140

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exceptions@std@@YAHXZ
?_Xlength_error@std@@YAXPEBD@Z
_Thrd_id
_Mtx_lock
_Mtx_unlock
_Cnd_signal
?_Throw_Cpp_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memset
memmove
memcpy
memcmp
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_initterm_e
_execute_onexit_table
_seh_filter_dll
_cexit
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_initterm
_initialize_narrow_environment

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-string-l1-1-0

toupper

kernel32

InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Exports

Exports

plugin_abi_version
plugin_dev
plugin_enable
plugin_git_description
plugin_globals
plugin_init
plugin_is_enabled
plugin_load_site_data
plugin_name
plugin_onstatechange
plugin_onupdate
plugin_self
plugin_shutdown
plugin_version

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad7a084fad31e9e09699f8544fd49d50

Headers

DLL Characteristics

File Characteristics

Imports

dfhooks_dfhack

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 168B

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 168B

.rsrc
Size: 512B - Virtual size: 4KB